[gpm]Re: gpm 1.19.4 X Raw Hide version

Preston Brown pbrown@redhat.com
Mon, 24 Sep 2001 22:52:02 -0400 (EDT)


On Sun, 9 Sep 2001, Frédéric L. W. Meunier wrote:

> Hi Nico and all. I think it's better to contact Preston
> Brown. Reading gpm.spec, I bet he made some patches.

Yes, we have made several patches over the years.  Comments follow.

> About gpm-1.19.3-root.patch:
> 
> -       $(INSTALL_PROGRAM) -o root -m 755 disable-paste $(bindir)/disable-paste
> +       $(INSTALL_PROGRAM) disable-paste $(bindir)/disable-paste
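Review bot: the "+" line drops "-m 755" together with "-o root", but only the ownership change needs root at build time; setting the mode does not. Keeping "-m 755" on the $(INSTALL_PROGRAM) line would still allow a non-root build while leaving the installed permissions explicit instead of dependent on whatever $(INSTALL_PROGRAM) expands to.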
> 
> I think Red Hat removed -o root -m 755 because it's the
> default.

Mainly because we don't build RPMs as a root user for security concerns 
(everything should be buildable as non-root), and this breaks that.

> > >    gpm-1.19.2-limits.patch   Name: gpm-1.19.2-limits.patch
> > >                              Type: Plain Text (text/plain)
> > 
> > OPEN_MAX is defined in linux/limits.h.
> > So we can use it. Short: refused/already applied.

Yes, but OPEN_MAX is a poor fallback from the actual value obtained from 
the sysconf() system call.  The summary says it all:

SYSCONF(3)          Linux Programmer's Manual          SYSCONF(3)

NAME
       sysconf - Get configuration information at runtime

It is also POSIX compliant.  And OPEN_MAX has fluctuated through glibc 
2.x's development in its presence.

> > >    gpm-1.19.3-devfs.patch   Name: gpm-1.19.3-devfs.patch
> > >                             Type: Plain Text (text/plain)
> > 
> > refused. why shouldn't we use /dev/console ? It still exists in devfs.
> > the #if 1 is removed in the next release.

We found that some devfs kernels didn't have a /dev/console during testing 
back in January, and thus made this patch.  The situation may or may not 
have changed.  

> > >    gpm-1.19.3-noworldwrite.patch   Name: gpm-1.19.3-noworldwrite.patch
> > >                                    Type: Plain Text (text/plain)
> > 
> > nothing applied. parts were also senseless:
> > 
> > +      unlink(tmp_pidfile);
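Review bot: the added unlink(tmp_pidfile) call discards its return value, and nothing on this line shows that tmp_pidfile names a file this process created. Guarding the call so it runs only after this process has created that path, and reporting a failure other than ENOENT, would make the intent reviewable from the hunk itself.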
> > 
> > unlink the pidfile of another running gpm!
> > refused.

Hmm.  OK, so you are going to leave use of mktemp, a known insecure 
function, which has caused countless security issues?  The unlink fixes a 
problem associated with the security fix. See RPM changelog, and trust 
us, we dealt with this patch with other vendors on our security lists.

> > >    gpm-1.19.3-serialconsole.patch   Name: gpm-1.19.3-serialconsole.patch
> > >                                     Type: Plain Text (text/plain)
> > 
> > I don't know much about serialconsole.
> > Do we really need so much code for the serial
> > console ? Where's the matter with the normal code ?
> > delayed until someone helps me with serialconsole (maybe you ?).

From Red Hat bug report #15784:

"If gpm RPM is installed, gpm attempts to run
on /dev/console rather than on /dev/tty0.
If console is serial with a kernel option,
gpm prints garbage to the console and loops."

So we fixed it.  Yes, you need that much code to detect presence of a 
serial console.

-- 
  Preston Brown
  Director, Linux Development
  Red Hat, Inc.
  pbrown@redhat.com
  +1 919 547 0012 x280
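
The mktemp point in the message above, as an added example that is not the Red Hat patch or gpm's own code: a pidfile is written through mkstemp() and published with link(), after which the temporary name must be unlinked. The function name write_pidfile is hypothetical; tmp_pidfile is borrowed from the quoted patch line.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Publish our PID at `pidfile` without mktemp(). Returns 0 on success,
 * -1 with errno set (EEXIST if a pidfile is already present). */
int write_pidfile(const char *pidfile)
{
    char tmp_pidfile[4096];
    char buf[32];
    int fd, len, saved;

    /* Template in the same directory so link() stays on one filesystem. */
    if (snprintf(tmp_pidfile, sizeof tmp_pidfile, "%s.XXXXXX", pidfile)
            >= (int)sizeof tmp_pidfile) {
        errno = ENAMETOOLONG;
        return -1;
    }

    /* mkstemp() chooses the name and opens it with O_CREAT|O_EXCL in one
     * step, so no file or symlink can be planted between the two. */
    fd = mkstemp(tmp_pidfile);
    if (fd < 0)
        return -1;

    len = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (write(fd, buf, (size_t)len) != len || fchmod(fd, 0644) != 0)
        goto fail;
    if (close(fd) != 0) { fd = -1; goto fail; }
    fd = -1;

    /* link() never replaces an existing name: a second daemon gets EEXIST. */
    if (link(tmp_pidfile, pidfile) != 0)
        goto fail;

    unlink(tmp_pidfile);   /* remove only the temporary name we created */
    return 0;

fail:
    saved = errno;
    if (fd >= 0)
        close(fd);
    unlink(tmp_pidfile);   /* do not leave the temporary file behind */
    errno = saved;
    return -1;
}
```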